OverviewAs Cyber Security Manager at Two Circles, you play a key role in keeping our systems, people and data safe from external and internal threats by focusing on incident detection, response and remediation; threat hunting; security monitoring; continual improvement and providing technical assurance for solution design and changes. This will include maintaining and improving our security posture in tandem with GRC practices and policies as they evolve to align with current and future standards and frameworks, such as SOC 2, ISO 27001, as well as applicable legislation, including GDPR and UK DPA, working closely with our Legal and Privacy as well as the wider Technology team. Internally-facing, you will lead day to day cyber security operations and project based work. You will help train and upskill your fellow Two Circlers on topics such security awareness, OWASP Top 10 and Security by Design, as well as understanding and feeding into their processes and workflows, to keep good security practice on the agenda. Externally, this role will also engage with our fascinating clients as appropriate to support their security assurance needs, as well as our technology partners and suppliers to ensure their alignment with our security approach and requirements. Internally, you will be responsible for our Security Operations activities with our operational team and external partners, including Incident Response and Threat Intelligence, to ensure these are executed consistently to our standards, as well as supporting Continual Security Improvement and being the Tech Ops representative in the GRC working group. As a fast growing organisation, with multiple offices across the globe, we are on a journey to standardize our security tools and infrastructure across the group, and this role will play a key part in aligning on best practice, and delivering improvements in our security posture. We are looking for a team player, who can work with our technology leaders to develop and implement cybersecurity policy, process and technology. This person will have hands on knowledge of working in a cyber security team, in both a operational and ideally project delivery role, and is looking for their next step.

Key Responsibilities

Assuring day-to-day execution of operational security tasks across multiple areas including threat and vulnerability management, anti-virus management, security monitoring etc.

Helping design and deliver improved security tooling across all areas of cyber security (DR design and testing, End user tooling, SIEM tooling and event ingestion etc.)

Supporting the Technology team to keep information security infrastructure up to date with emerging threats and vulnerabilities, including advising on architecture and design of internal and client-facing solutions

Operationalising and ensuring delivery of security policy, standards and procedures

Providing technical expertise towards compliance initiatives and programmes e.g. ISO 27001, Cyber Essentials Plus, GDPR

Technical aspects of vendor and partner security reviews

Increasing the levels of understanding of Information Security with end users, leading to improved user interactions and overall experience with our team

Thinking of and implementing new ways to automate and improve security across the business

Protecting the data entrusted to us by our clients at all times

Requirements

Managing technical risks and proposing solutions and recommendations

Security Operations procedures, i.e. Incident management and response

Configuring, optimising and reporting with Microsoft 365 Security and Compliance modules, including Defender, Security Centre, Protection, Compliance Centre

Experience of both cyber operational roles, but experience of having delivered security change projects/programmes

Experience with GDPR/UK Data Protection, Cyber Essentials and ISO 27001 frameworks

Azure security tooling including Security Centre, Defender, Sentinel, Intune, AWS Security Hub, GuardDuty, Inspector, WAF, Security Lake, CloudTrail

Able to understand and effectively communicate technical concepts in discussions with both technical and non-technical colleagues

Broad knowledge around network technologies (especially cloud) and technical security

Configuring and maintaining endpoint security technologies (AV, firewall, encryption, email protection, web filtering)

Awareness of architectural principles for technical solution design, e.g. Zero Trust, least privilege RBAC, Security by Design, PAM, Segregation of Duties

Data Protection and DLP

Experience with the following would also be beneficial

NIST, SOC2 and additional compliance and regulatory frameworks

Project Management and technical delivery

Experience of, or a keen interest in, the business of sport

BenefitsWe offer a benefits package to suit you and your lifestyle! Out of a core monthly budget, you can choose your own comprehensive benefit package

Renowned Team Days often throughout the year

Summer Away Days

23 standard days of holiday (+1 Birthday, +1 for a ''Big Life Event'', +1 Well-being Day, and +1 Admin Day), closure of office over Christmas (plus Bank Holidays)

Discretionary Bonus based on company performance

Performance Reviews every 6 months with discretionary salary increases

Private healthcare (Vitality) and/or Health Care Plan (Medicash)

Mobile phone contribution

Sport Challenge contribution

Gym membership contribution

2x annual kit drops

#J-18808-Ljbffr